From a06263d738e74db88398a22d81f6097c2556cc8c Mon Sep 17 00:00:00 2001 From: Tobie Morgan Hitchcock Date: Tue, 19 Jul 2016 17:38:32 +0100 Subject: [PATCH] Disable individual encryption per transaction --- kvs/boltdb/tx.go | 16 ---------------- kvs/mysql/tx.go | 16 ---------------- kvs/pgsql/tx.go | 16 ---------------- sql/use.go | 12 ++---------- 4 files changed, 2 insertions(+), 58 deletions(-) diff --git a/kvs/boltdb/tx.go b/kvs/boltdb/tx.go index a7e3c5b2..13b08eb2 100644 --- a/kvs/boltdb/tx.go +++ b/kvs/boltdb/tx.go @@ -163,11 +163,6 @@ func (tx *TX) Put(key, val []byte) (err error) { return } - if val, err = cryp.Encrypt(tx.ck, val); err != nil { - err = &kvs.CKError{err} - return - } - if err = tx.bu.Put(key, val); err != nil { err = &kvs.DBError{err} return @@ -205,11 +200,6 @@ func (tx *TX) CPut(key, val, exp []byte) (err error) { return } - if val, err = cryp.Encrypt(tx.ck, val); err != nil { - err = &kvs.CKError{err} - return - } - if err = tx.bu.Put(key, val); err != nil { err = &kvs.DBError{err} return @@ -359,12 +349,6 @@ func get(tx *TX, key, val []byte) (kv *KV, err error) { val: val, } - kv.val, err = cryp.Decrypt(tx.ck, kv.val) - if err != nil { - err = &kvs.CKError{err} - return - } - kv.val, err = cryp.Decrypt(tx.ds.ck, kv.val) if err != nil { err = &kvs.CKError{err} diff --git a/kvs/mysql/tx.go b/kvs/mysql/tx.go index 195be267..2f4ffdd3 100644 --- a/kvs/mysql/tx.go +++ b/kvs/mysql/tx.go @@ -191,11 +191,6 @@ func (tx *TX) Put(key, val []byte) (err error) { return } - if val, err = cryp.Encrypt(tx.ck, val); err != nil { - err = &kvs.CKError{err} - return - } - if _, err = tx.tx.Exec("INSERT INTO kv (`key`, `val`) VALUES (?, ?) ON DUPLICATE KEY UPDATE `val` = ?", key, val, val); err != nil { err = &kvs.DBError{err} return @@ -228,11 +223,6 @@ func (tx *TX) CPut(key, val, exp []byte) (err error) { return } - if val, err = cryp.Encrypt(tx.ck, val); err != nil { - err = &kvs.CKError{err} - return - } - if _, err = tx.tx.Exec("INSERT INTO kv (`key`, `val`) VALUES (?, ?) ON DUPLICATE KEY UPDATE `val` = ?", key, val, val); err != nil { err = &kvs.DBError{err} return @@ -340,12 +330,6 @@ func get(tx *TX, key, val []byte) (kv *KV, err error) { val: val, } - kv.val, err = cryp.Decrypt(tx.ck, kv.val) - if err != nil { - err = &kvs.CKError{err} - return - } - kv.val, err = cryp.Decrypt(tx.ds.ck, kv.val) if err != nil { err = &kvs.CKError{err} diff --git a/kvs/pgsql/tx.go b/kvs/pgsql/tx.go index 91695d23..3ed08871 100644 --- a/kvs/pgsql/tx.go +++ b/kvs/pgsql/tx.go @@ -191,11 +191,6 @@ func (tx *TX) Put(key, val []byte) (err error) { return } - if val, err = cryp.Encrypt(tx.ck, val); err != nil { - err = &kvs.CKError{err} - return - } - if _, err = tx.tx.Exec("INSERT INTO kv (`key`, `val`) VALUES ($1, $2) ON DUPLICATE KEY UPDATE `val` = $3", key, val, val); err != nil { err = &kvs.DBError{err} return @@ -228,11 +223,6 @@ func (tx *TX) CPut(key, val, exp []byte) (err error) { return } - if val, err = cryp.Encrypt(tx.ck, val); err != nil { - err = &kvs.CKError{err} - return - } - if _, err = tx.tx.Exec("INSERT INTO kv (`key`, `val`) VALUES ($1, $2) ON DUPLICATE KEY UPDATE `val` = $3", key, val, val); err != nil { err = &kvs.DBError{err} return @@ -340,12 +330,6 @@ func get(tx *TX, key, val []byte) (kv *KV, err error) { val: val, } - kv.val, err = cryp.Decrypt(tx.ck, kv.val) - if err != nil { - err = &kvs.CKError{err} - return - } - kv.val, err = cryp.Decrypt(tx.ds.ck, kv.val) if err != nil { err = &kvs.CKError{err} diff --git a/sql/use.go b/sql/use.go index dbe6c504..c4524f48 100644 --- a/sql/use.go +++ b/sql/use.go @@ -21,7 +21,7 @@ func (p *Parser) parseUseStatement(explain bool) (stmt *UseStatement, err error) var tok Token var exi bool - tok, _, err = p.shouldBe(NAMESPACE, DATABASE, CIPHERKEY) + tok, _, err = p.shouldBe(NAMESPACE, DATABASE) if err != nil { return nil, err } @@ -46,15 +46,7 @@ func (p *Parser) parseUseStatement(explain bool) (stmt *UseStatement, err error) p.c.Set("DB", stmt.DB) } - if is(tok, CIPHERKEY) { - _, stmt.CK, err = p.shouldBe(IDENT, STRING) - if err != nil || (len(stmt.CK) != 16 && len(stmt.CK) != 24 && len(stmt.CK) != 32) { - return nil, &ParseError{Found: stmt.CK, Expected: []string{"16, 24, or 32 bit cipher key"}} - } - p.c.Set("CK", stmt.CK) - } - - tok, _, exi = p.mightBe(NAMESPACE, DATABASE, CIPHERKEY) + tok, _, exi = p.mightBe(NAMESPACE, DATABASE) if !exi { break }